Trend Micro InterScan Web Security Suite Local Privilege Escalation

2011-12-09T00:00:00
ID SAINT:35DE0E166004D752122A342A1C171F4F
Type saint
Reporter SAINT Corporation
Modified 2011-12-09T00:00:00

Description

Added: 12/09/2011
BID: 50380
OSVDB: 76637

Background

Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway.

Problem

Trend Micro InterScan Web Security Suite is vulnerable to a local privilege escalation. The "patchCmd" binary is owned by root and has the "setuid" and "setgid" permission bits set. Its code calls setuid(0) before system(), so the command it launches runs with root privileges regardless of the permissions of the user who invoked it. Local attackers can exploit this issue to execute arbitrary code with root privileges and completely compromise the affected computer.

Resolution

No updates which address this vulnerability are available at this time.

References

<http://buguroo.com/adv/BSA-2011-002.txt>
<http://seclists.org/fulldisclosure/2011/Oct/871>
<http://us.trendmicro.com/us/products/enterprise/interscan-web-security-suite/>

Limitations

This exploit has been tested against Trend Micro InterScan Web Security Suite 3.1 on Fedora 13 Linux.

Platforms

Linux
SunOS / Solaris